The db.createUser(user, writeConcern) method is used to create users. We need to provide the username, password and roles.
The user document passed to createUser is defined as follows:
{ user: "<name>", pwd: "<password>", customData: { <User Tag> }, roles: [ { role: "<role>", db: "<database>" }, { role: "<role>", db: "<database>" }, ... ] }
Role
A role is an approach to restricting system/DB access to authorized users. The security hierarchy is similar to that of various other DB technologies. The various roles are:
Database User Roles
- read
- readWrite
Database Administration Roles
- dbAdmin
- dbOwner
- userAdmin
Cluster Administration Roles
- clusterAdmin
- clusterManager
- clusterMonitor
- hostManager
Backup and Restoration Roles
- backup
- restore
All-Database Roles
- readAnyDatabase
- readWriteAnyDatabase
- userAdminAnyDatabase
- dbAdminAnyDatabase
Superuser Roles
- root
Internal Role
- __system
The roles are self-explanatory. For further reading, see the MongoDB reference manual: Roles
Create User
db.createUser( { user: "reportUser", pwd: "12345678", roles: [ { role: "read", db: "northwind" }, { role: "readWrite", db: "records" }, { role: "backup", db: "admin" }, { role: "clusterAdmin", db: "admin" }, { role: "readAnyDatabase", db: "admin" } ] } )
Identify the user roles by using db.getUser()
db.getUser("reportUser")
Change Password
>db.changeUserPassword("reportUser","!@#$1234Mongo")
Drop a user from MongoDB using db.dropUser()
>db.dropUser("reportUser")
Revoke a role from the user using revokeRolesFromUser()
>db.revokeRolesFromUser( "reportUser", [ { role: "readWrite", db: "northwind" }, { role: "backup", db: "admin" } ] )
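As an added example (not code from the original page), the following JavaScript checks a db.getUser() result against the roles an account is meant to hold and builds the array to pass to db.revokeRolesFromUser(). The role categories are the ones listed above; the names auditUser, BROAD and key, the allowlist and the sample user document are assumptions made for illustration, and it runs under Node.js without a database connection.

```javascript
// Added example: review a db.getUser() result against the roles an account should hold.
// Category names follow the role list on this page; BROAD, auditUser and the sample
// document are assumptions made for illustration.
const CATEGORY = {};
const add = (cat, names) => names.forEach((n) => { CATEGORY[n] = cat; });
add("database user", ["read", "readWrite"]);
add("database administration", ["dbAdmin", "dbOwner", "userAdmin"]);
add("cluster administration", ["clusterAdmin", "clusterManager", "clusterMonitor", "hostManager"]);
add("backup and restoration", ["backup", "restore"]);
add("all-database", ["readAnyDatabase", "readWriteAnyDatabase", "userAdminAnyDatabase", "dbAdminAnyDatabase"]);
add("superuser", ["root"]);
add("internal", ["__system"]);

// Assumption: every built-in role other than read/readWrite is treated as broad.
const BROAD = new Set(Object.keys(CATEGORY).filter((r) => CATEGORY[r] !== "database user"));

const key = (r) => `${r.role}@${r.db}`;

// userDoc: shape returned by db.getUser(); allowed: [{role, db}] the account is meant to have.
function auditUser(userDoc, allowed) {
  const allow = new Set(allowed.map(key));
  const held = new Set(userDoc.roles.map(key));
  const report = { user: userDoc.user, keep: [], revoke: [], missing: [], findings: [] };
  for (const r of userDoc.roles) {
    const cat = CATEGORY[r.role] || "user-defined";
    if (allow.has(key(r))) {
      report.keep.push(r);
      if (BROAD.has(r.role)) report.findings.push(`${key(r)}: allowed but broad (${cat})`);
    } else {
      report.revoke.push({ role: r.role, db: r.db });
      report.findings.push(`${key(r)}: not in allowlist (${cat})`);
    }
  }
  // Allowlist entries the user does not hold, e.g. a database name typed with a stray space.
  report.missing = allowed.filter((r) => !held.has(key(r)));
  return report;
}

// Constructed sample mirroring the reportUser created above.
const sampleUser = { _id: "admin.reportUser", user: "reportUser", db: "admin", roles: [
  { role: "read", db: "northwind" }, { role: "readWrite", db: "records" },
  { role: "backup", db: "admin" }, { role: "clusterAdmin", db: "admin" },
  { role: "readAnyDatabase", db: "admin" } ] };
const report = auditUser(sampleUser, [{ role: "read", db: "northwind" }, { role: "read", db: "records" }]);
console.log(JSON.stringify(report, null, 2));
// In mongosh: db.revokeRolesFromUser(report.user, report.revoke)
```

In mongosh, pass db.getUser("reportUser") in place of sampleUser; an entry in report.missing means the account lacks a role the allowlist expects, which also catches a mistyped database name.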